This is an automated archive.

The original was posted on /r/cybersecurity by /u/Shnarf_Shnarf_ on 2023-08-07 15:38:54+00:00.


Hello, recently started at a company and an intern has elevated privileges. They downloaded some software that was malicious but was taken care of by the EDR. They have local admin rights (I know, big red flag).

Situation - I asked if we could remove the intern's privileged access. I was told various departments need the access to be able to access the machine network. They change the IP of the machine to access this network. I didn’t get a straight answer if this is a group giving the permission or if it’s machine level.

Users change access to the domain and back to the machine network regularly to access data and software repositories on the domain.

Is there an easier way to change IP addresses without the need for local admin or elevated privileges?

I feel like the answer is no and this is a very dumb way to do this type of business.

I’m new to industrial control systems; any insight is greatly appreciated.